| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Memory corruption while processing pin reply in Bluetooth, when pin code received from APP layer is greater than expected size. |
| Memory corruption when resource manager sends the host kernel a reply message with multiple fragments. |
| Memory corruption while processing IOCTL handler in FastRPC. |
| Memory Corruption in Data Modem while processing DMA buffer release event about CFR data. |
| Memory corruption when HLOS allocates the response payload buffer to copy the data received from ADSP in response to AVCS_LOAD_MODULE command. |
| Memory corruption while processing Listen Sound Model client payload buffer when there is a request for Listen Sound session get parameter from ST HAL. |
| Memory corruption in Audio while calling START command on host voice PCM multiple times for the same RX or TX tap points. |
| Memory corruption while validating the TID to Link Mapping action request frame, when a station connects to an access point. |
| Information disclosure in Audio while accessing AVCS services from ADSP payload. |
| Memory corruption in video while parsing the Videoinfo, when the size of atom is greater than the videoinfo size. |
| Transient DOS while parsing IPv6 extension header when WLAN firmware receives an IPv6 packet that contains `IPPROTO_NONE` as the next header. |
| Information disclosure while handling T2LM Action Frame in WLAN Host. |
| Memory corruption in BT controller while parsing debug commands with specific sub-opcodes at HCI interface level. |
| Transient DOS while processing IKEv2 Informational request messages, when a malformed fragment packet is received. |
| Memory corruption during management frame processing due to mismatch in T2LM info element. |
| Transient DOS in Bluetooth Host while rfc slot allocation. |
| Memory corruption in MPP performance while accessing DSM watermark using external memory address. |
| Information Disclosure in Qualcomm IPC while reading values from shared memory in VM. |
| Memory corruption in UTILS when modem processes memory specific Diag commands having arbitrary address values as input arguments. |
| Information disclosure when the trusted application metadata symbol addresses are accessed while loading an ELF in TEE. |
